Sharp rise in business email compromise

Cyber attackers are expanding their attack methods to steal money and to gain access to corporate and employee data, a report reveals

There has been a sharp increase in business email compromise (BEC) or impersonation attacks, according to the latest email security risk assessment report by email management firm Mimecast.

Download this free guide

Web security 101: Keeping hackers at bay

Many people assume that they are untouchable when browsing the web. Many people are wrong. It's impossible to be completely safe whilst online, but there are some simple methods to help increase your web security.

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

The report is based on aggregated tests that measure the efficacy of widely used email security systems and is aimed at helping participating organisations better understand the number and type of email-borne threats that are getting through their current defences.

As part of the cumulative assessments, Mimecast inspected more than 142 million emails that have passed through organisations’ incumbent email security suppliers, which revealed an 80% increase of impersonation or BEC attacks in comparison to the previous quarters’ report.

In BEC attacks, criminals typically gain access to a corporate email account and spoof the owner’s identity to trick employees, customers or partners into approving money transfers to criminal accounts.

An alternative approach is to compromise the computer, email account or email server of the victim organisation to intercept, alter or initiate business transactions, including direct payments on behalf of the victim organisation with the money destined to financial accounts they control.

Mimecast is applying its cloud-based microservices approach ever more widely to enable customer organisations to increase their cyber resilience.

The latest report underlines the success of this approach, with Mimecast technology identifying 203,000 malicious links in 10,072,682 emails that were deemed safe by other security systems.

According to the report, Mimecast was able to identify an additional 19 million pieces of spam, more than 13,000 emails containing dangerous file types, and more than 15,600 malware attachments that were missed by incumbent providers and delivered to users’ inboxes.

“Our latest quarterly analysis saw a continued attacker focus on impersonation attacks quarter on quarter. These are difficult attacks to identify without specialised security capabilities, and this testing shows that commonly used systems aren’t doing a good job catching them.”

According to Mimecast, the report indicates the need for organisations to enhance their cyber resilience strategies for email, with a multi-layered approach that includes a third-party service provider.

“The SE Labs report highlights the need for multiple layers of protection to increase security efficacy and to address the rise of more advanced email attacks,” said Gardiner.

Mimecast uses multiple layers and types of detection engines, combined with high performance analytics and a diverse set of threat intelligence sources, overseen by the Mimecast security operations team, he said.

Read more about BEC attacks

Business email compromise (BEC) attempts doubled between the first and second half of 2017

Start the conversation

0 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.